From our computers to our smartphones, our devices hold a treasure trove of sensitive information. Still, we can be negligent with that precious data, whether we’re accidentally leaving our iPhones sitting somewhere or clicking a suspicious link on our computers. Now, Apple is reckoning with a new security flaw that can affect all devices without any apparent error on the user’s part—and there’s only one way to fix it or risk getting hacked. Read on to find out what Apple is warning users to do to all their devices immediately.
RELATED: If You See This on Your iPhone, Don’t Click It, Experts Warn.
Researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, recently uncovered an Apple security flaw that has allowed Israel’s spyware company NSO Group to infect anyone’s iPhone, iPad, Apple Watch, or Mac computer with highly invasive spyware, The New York Times reported on Sept. 13. The spyware, called Pegasus, was discovered on a Saudi activist’s iPhone by the organization. According to the discovery, more than 1.65 billion Apple products used worldwide have been vulnerable to the NSO’s spyware since at least March.
Pegasus uses a “zero click remote exploit” method which can turn on a phone’s camera and microphone without its user even needing to click a scam or phishing link, according to the NYT. This allows the spyware to record messages, texts, emails, and calls, and send them back to NSO’s clients at governments around the world. The spyware can even capture messages sent with encrypted messaging and phone apps, like Signal.
According to the NYT, Citizen Lab found that the Saudi activist had received an image that was invisible but exploited a vulnerability in the way that Apple process images, allowing Pegasus spyware to be secretly downloaded onto the activist’s iPhone.
RELATED: For more tech news delivered straight to your inbox, sign up for our daily newsletter.
In order to bypass the possibility of getting hit by hackers, Apple just issued emergency software updates and is asking that everyone update their devices as soon as possible. On Sept. 13, Ivan Krstić, Apple’s head of security engineering and architecture, told the NYT that he is urging customers to install iOS 14.8, MacOS 11.6, and WatchOS 7.6.2, which are the latest software updates created to fix the major security flaw.
“This spyware can do everything an iPhone user can do on their device and more,” John Scott-Railton, a senior researcher at Citizen Lab, told the news outlet. “Do you own an Apple product? Update it today.”
In a statement to Insider, Krstić said that Apple rapidly developed and deployed this update to protect all device users. But he doesn’t suspect that the average individual has been affected by the spyware. In July, human rights organization Amnesty International found that similar military-grade spyware from NSO Group had been used to hack the iPhones of journalists, activists, and executives.
“We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Krstić said in the statement. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
RELATED: If You’re Charging Your iPhone Like This, Apple Says Stop Immediately.